fix(deps): vuln go.opentelemetry.io/otel/sdk (minor → v1.43.0) [tasks/unit_tests]#50536
Conversation
Files inventory check summary: file check results against ancestor 58d5a5f7. Results for datadog-agent_7.81.0~devel.git.736.b14ffd5.pipeline.118331718-1_amd64.deb: No change detected.

This pull request has been automatically marked as stale because it has not had activity in the past 15 days. It will be closed in 30 days if no further activity occurs. If this pull request is still relevant, adding a comment or pushing new commits will keep it open. Also, you can always reopen the pull request if you missed the window. Thank you for your contributions!
Branch updated from 7933d2d to 949b52f (auto-rebase complete).
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 949b52fb88
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
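Review bot: the hunk header `@@ -13,64 +13,3 @@` shows the 64 lines following `replace (` collapsing to 3, so the fixture's entire require section after the replace block is deleted rather than just the go.opentelemetry.io/otel/sdk line the PR title says it bumps to v1.43.0. For a testdata fixture whose purpose is to be invalid, keep the require entries and change only the vulnerable otel/sdk version so the intentionally unreplaced internal requirement survives; the deleted lines are not visible here, so confirm nothing else was dropped with them.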
Restore the invalid fixture's missing-replace requirement
With the require blocks removed from this fixture, invalid_package no longer requires github.com/DataDog/datadog-agent/pkg/util/sort while omitting its replace, so modformatter has no missing internal dependency to report. The existing test_invalid_go_mod_check expects this fixture to produce output, and test_invalid_go_mod_format expects formatting to add the missing replace; both are now testing an effectively valid file instead of the intended invalid case.
Branch updated from 949b52f to 1ed9933 (auto-rebase complete).
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1ed993326b
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Restore dependencies required by invalid formatter fixture
With all require directives removed from this fixture, modformatter has no internal dependencies to validate, so TestGoModFormatter.test_invalid_go_mod_check no longer sees the expected missing replace for pkg/util/sort and will get empty output instead of an error. This also makes test_invalid_go_mod_format stop exercising the formatter path, so the unit-test fixture no longer validates the behavior it was added for.
Branch updated from 1ed9933 to 1c6380f (auto-rebase complete).
@codex review
Branch updated from 1c6380f to de80a4c (auto-rebase complete).
@codex review
@codex review
💡 Codex Review
https://github.com/DataDog/datadog-agent/blob/aadb79de409682fe1e15a4f03ed692dafed8f485/tasks/unit_tests/testdata/go_mod_formatter/invalid_package/go.mod#L16
Restore required deps in formatter fixture
Removing the require blocks from this invalid fixture leaves modfile.Parse with an empty f.Require, so internal/tools/modformatter has no Datadog dependency to check for a missing replace. In the inspected tasks/unit_tests/go_mod_formatter_tests.py flow, test_invalid_go_mod_check and test_invalid_go_mod_format now get empty output instead of the expected missing-replace message, so the unit test suite fails and the fixture no longer exercises the formatter behavior.
Auto-rebase complete.
@codex review
💡 Codex Review
https://github.com/DataDog/datadog-agent/blob/d398930277871122048dc085e49a1d48ed870b92/tasks/unit_tests/testdata/go_mod_formatter/invalid_package/go.mod#L17
Keep the invalid fixture requirements
By removing the require blocks from this fixture, internal/tools/modformatter sees an empty f.Require list and no longer reports any missing internal replace directives. That makes the fixture indistinguishable from a valid file and causes test_invalid_go_mod_check / test_invalid_go_mod_format in tasks/unit_tests/go_mod_formatter_tests.py to stop detecting the intended error case.
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9d31fee14b
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Restore dependencies in invalid formatter fixture
With the require blocks removed from this fixture, modformatter has no f.Require entries to inspect, so test_invalid_go_mod_check no longer sees the intentionally missing github.com/DataDog/datadog-agent/pkg/util/sort replacement and the fixture is treated as valid. This makes the formatter unit tests fail and removes coverage for the missing-replace case; keep the dependency list and update only the vulnerable OpenTelemetry versions instead of deleting the block.
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a7532eeeb3
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Restore invalid fixture requirements
Removing the entire require section from the invalid_package fixture makes it no longer invalid: modformatter only reports missing replaces while iterating f.Require, so with zero required modules run_mod_formatter(.../invalid_package/, allow_fail=True) emits no output and test_invalid_go_mod_check at tasks/unit_tests/go_mod_formatter_tests.py:36-38 fails. This fixture should keep the internal requirements that are intentionally missing from the replace block, updating only the vulnerable dependency version if needed.
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f5686843b0
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Restore required dependencies in invalid formatter fixture
With this fixture stripped down to only replace directives, modformatter.go has no f.Require entries to inspect, so it never reports a missing replace. This makes the intentionally invalid fixture behave as valid, causing test_invalid_go_mod_check and test_invalid_go_mod_format to receive empty output where they assert a formatter error/repair message.
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e3e9d7696a
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Restore go.mod requirements in formatter fixtures
With this fixture now ending after the replace block, modformatter parses an empty f.Require list, so the invalid fixture no longer contains any Datadog requirements to validate against the missing replace. tasks/unit_tests/go_mod_formatter_tests.py::test_invalid_go_mod_check expects this path to emit an error, but it will return empty output, and the format test also loses the missing-replace case. Please keep the require entries and update only the vulnerable version instead of deleting the block.
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a4280a740e
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
Restore the required deps in the invalid fixture
With this fixture reduced to only replace directives, modformatter has no f.Require entries to inspect, so it never reports the intentionally missing replacement that test_invalid_go_mod_check and test_invalid_go_mod_format assert on. In this testdata directory, the invalid case depended on requiring github.com/DataDog/datadog-agent/pkg/util/sort while omitting its replace; deleting the require blocks makes those tests fail and removes coverage for the formatter's missing-replace path.
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d8c3bb21f0
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Restore the invalid fixture's require block
With the require sections removed, this fixture no longer contains any github.com/DataDog/datadog-agent requirements for modformatter to validate, so test_invalid_go_mod_check gets empty output instead of the expected missing-replace error. The invalid fixture specifically needs a required internal module that is absent from the replace block (previously pkg/util/sort) to keep the unit test meaningful and passing.
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 24eb5b2134
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Keep the invalid fixture's require block
This fixture is only invalid because it requires github.com/DataDog/datadog-agent/pkg/util/sort without a matching replace; after deleting all require entries, internal/tools/modformatter has an empty f.Require slice to inspect, so test_invalid_go_mod_check and the first formatting assertion in test_invalid_go_mod_format no longer get the expected diagnostic output. This breaks the unit test coverage for missing internal replaces rather than updating the vulnerable dependency.
Co-authored-by: dd-octo-sts[bot] <200755185+dd-octo-sts[bot]@users.noreply.github.com>
Auto-rebase complete.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b14ffd5492
| @@ -13,64 +13,3 @@ replace ( | |||
| github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/ | |||
| github.com/DataDog/datadog-agent/pkg/util/scrubber => ../util/scrubber/ | |||
| ) | |||
Restore the invalid fixture's require block
After this deletion, invalid_package/go.mod has no require directives, so modformatter iterates over an empty f.Require list and never reports the missing internal replacement that these tests are meant to exercise. This makes test_invalid_go_mod_check and the first assertion in test_invalid_go_mod_format expect output that can no longer be produced; update the vulnerable OpenTelemetry version in the fixture instead of removing the dependency block.
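The missing-replace check that the Codex reviews above describe, as an added example that is not the repository's modformatter code: it walks a go.mod's require entries and reports every internal module that has no replace directive, run on two constructed fixtures modelled on invalid_package (one keeping its require block, one with the block deleted as in the hunk). The module path example.com/invalid, the version numbers and the single-line replace form are assumptions.

```go
package main

import ("fmt"; "strings")
// In-repo modules must be replaced with a relative path in every sub-module go.mod.
const internalPrefix = "github.com/DataDog/datadog-agent/"

// MissingReplaces lists internal modules a go.mod requires but never replaces.
// Simplified line parser for this example (modformatter uses x/mod/modfile).
func MissingReplaces(gomod string) []string {
	var required []string
	replaced := map[string]bool{}
	block := "" // directive whose "( ... )" block we are inside, or ""
	for _, raw := range strings.Split(gomod, "\n") {
		line := strings.TrimSpace(raw)
		if i := strings.Index(line, "//"); i >= 0 { // strip "// indirect" etc.
			line = line[:i]
		}
		f := strings.Fields(line)
		kind := block
		if len(f) > 0 && block == "" && (f[0] == "require" || f[0] == "replace") {
			kind, f = f[0], f[1:]
		}
		switch {
		case len(f) == 0 || kind == "": // blank line, or a directive we ignore
		case f[0] == "(":
			block = kind
		case f[0] == ")":
			block = ""
		case kind == "require":
			required = append(required, f[0]) // "path version"
		default:
			replaced[f[0]] = true // "path [version] => target"
		}
	}
	var missing []string
	for _, mod := range required {
		if strings.HasPrefix(mod, internalPrefix) && !replaced[mod] {
			missing = append(missing, mod)
		}
	}
	return missing
}

// Constructed fixtures (not the repo's testdata): sort is required but never replaced; the second has no require block.
const invalidFixture = `module example.com/invalid
require (
	github.com/DataDog/datadog-agent/pkg/util/log v0.0.0
	github.com/DataDog/datadog-agent/pkg/util/sort v0.0.0 // indirect
	go.opentelemetry.io/otel/sdk v1.43.0
)
replace github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/
`
const strippedFixture = "module example.com/invalid\nreplace github.com/DataDog/datadog-agent/pkg/util/log => ../util/log/\n"

func main() { fmt.Println(MissingReplaces(invalidFixture), MissingReplaces(strippedFixture)) }
```

The first fixture yields the pkg/util/sort module; the stripped fixture yields nothing, which is why a check-mode test expecting a diagnostic sees empty output.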
Summary: High-severity security update — 2 packages upgraded (MINOR changes included)
Manifests changed:
tasks/unit_tests (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.
Updates
Security Details
🚨 Critical & High Severity (8 fixed)
Review Checklist
Standard review:
Update Mode: Vulnerability Remediation (High)
🤖 Generated by DataDog Automated Dependency Management System